If you log in to DNN as administrator, it is easy to obtain RCE.
Via SQL
A SQL console is accessible under the **Settings** page, where you can enable **xp_cmdshell** and run operating system commands.
Use these lines to enable **xp_cmdshell**:
Then press "Run Script" to run those SQL statements.
Then, use something like the following to run OS commands:
Via ASP webshell
In Settings -> Security -> More -> More Security Settings you can add new allowed extensions under Allowable File Extensions, and then click the Save button.
Add **asp** or **aspx**, and then in **/admin/file-management** upload an ASP webshell, called shell.asp for example.
For instance:
Then browse to **/Portals/0/shell.asp** to access your webshell.
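Both steps above leave traces a defender can check for. The following is an added example, not part of the original page: it flags server-executable entries in an exported Allowable File Extensions value and finds requests for executable files under /Portals/ in IIS W3C logs. The extension list, the function names, the log field layout and the sample data are assumptions constructed for illustration.

```python
import re

# Extensions IIS/ASP.NET can execute server-side (assumed list, extend as needed).
EXECUTABLE_EXTS = {"asp", "aspx", "ashx", "asmx", "cshtml", "cer", "asa"}

# Any file with an extension below /Portals/<portal id>/, at any depth.
PORTAL_FILE = re.compile(r"^/portals/[^/]+/.+\.([a-z0-9]+)$", re.I)


def risky_allowed_extensions(setting):
    """Return executable entries found in an 'Allowable File Extensions' value."""
    exts = {e.strip().lstrip(".").lower() for e in setting.split(",")}
    return sorted(exts & EXECUTABLE_EXTS)


def parse_w3c(lines):
    """Yield one dict per IIS W3C log record, named by the #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))


def script_hits_in_portals(lines):
    """Return (ip, method, uri, status) for executable files requested in /Portals/."""
    hits = []
    for rec in parse_w3c(lines):
        m = PORTAL_FILE.match(rec.get("cs-uri-stem", ""))
        if m and m.group(1).lower() in EXECUTABLE_EXTS:
            hits.append((rec.get("c-ip"), rec.get("cs-method"),
                         rec["cs-uri-stem"], rec.get("sc-status")))
    return hits


# Constructed sample data, not taken from a real system.
SAMPLE_SETTING = "jpg,jpeg,png,gif,pdf,docx,aspx,asp"
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem sc-status
2025-05-18 16:40:01 203.0.113.7 GET /Portals/0/Images/logo.png 200
2025-05-18 16:41:10 203.0.113.7 POST /Portals/0/shell.asp 200
2025-05-18 16:41:30 198.51.100.4 GET /Default.aspx 200""".splitlines()

if __name__ == "__main__":
    print("risky extensions:", risky_allowed_extensions(SAMPLE_SETTING))
    for hit in script_hits_in_portals(SAMPLE_LOG):
        print("script requested under /Portals/:", hit)
```

A hit with a 200 status on an upload directory that should only hold static content is worth triaging together with any recent change to the allowed extensions setting.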
Privilege Escalation
You can escalate privileges using the Potatoes or PrintSpoofer, for example.
Last update: 2025-05-18 Created: May 18, 2025 16:41:27